Rules Processing Order

Hi there,
I am trying to get my head around the order that ZA rules are processed; are there any specific articles on this that someone could point me to?
Are Firewall rules processed before Program rules or is it the other way around?
Regards,
Laurence.

Re: Rules Processing Order

Program rules go first, and if something is stopped or allowed then firewall rules don't play a role. Otherwise firewall rules go last.
Yes, there's a writeup in HELP, see the Contents tab, the Firewall protection, then Understanding expert. Also they put it all together in the Expert firewall rules and program permission section. Hope this helps.

Re: Rules Processing Order

Thanks for the reply zasuiteuser - much appreciated.
So Program Rules are evaluated before Firewall Rules.
OK, then looking a little deeper at Program Rules specifically, one can Allow or Block access to either the Internet or Trusted zones for a specific program.
In an effort to further my understanding of how all the various firewall and program settings work in ZA I looked at the settings for Internet Explorer.
For example, if I set Internet Access for Internet Explorer to Allow and also create a single Expert Program Rule to Block all ports and all destinations then, as I would expect, I cannot browse the internet.
However, if I set Internet Access for Internet Explorer to Block and create a single Expert Program Rule to Allow all ports and all destinations then I find I still cannot browse the internet.
This seems to infer that the Access permissions one sets for a program take precedence over any expert rules that are defined for that program.
Is it the case that if Internet Access is Blocked for a specific program then that program's expert rules are in effect ignored and not evaluated at all? This seems to be the case, otherwise setting Internet Access to Block for Internet Explorer with a single expert rule that allows all communication would still allow Internet Explorer to browse the internet, when in practice using these program settings seems to block internet access entirely.
Regards,
Laurence.

Re: Rules Processing Order

I followed your thinking till I hit "Is it the case that if Internet Access is Blocked for a specific program then that program's expert rules are in effect ignored and not evaluated at all?" Now I'm lost.

Re: Rules Processing Order

Thank you Oldsod.
I understand that Firewall Expert, Firewall Zones and the custom/advanced settings for the Firewall are "global packet filtering" rules that apply to all IP traffic.
I also understand that Program Access settings and Program Expert Rules apply to the IP traffic of a specific program.
All I was trying to get a handle on was the order in which ZA checks the rules to determine whether or not a specific program's IP traffic is either allowed or blocked.
If the answer is "neither" then I must confess I am totally confused.
Let's assume we have a program called prog.exe that tries to access the Internet Zone. In what order are the various rules evaluated to determine whether or not this program can access, say, the Internet Zone?
Regards,
Laurence.

Re: Rules Processing Order

<blockquote><hr>lhookway wrote:
Thank you Oldsod.
I understand that Firewall Expert, Firewall Zones and the custom/advanced settings for the Firewall are "global packet filtering" rules that apply to all IP traffic.
I also understand that Program Access settings and Program Expert Rules apply to the IP traffic of a specific program.
All I was trying to get a handle on was the order in which ZA checks the rules to determine whether or not a specific program's IP traffic is either allowed or blocked.
If the answer is "neither" then I must confess I am totally confused.
Let's assume we have a program called prog.exe that tries to access the Internet Zone. In what order are the various rules evaluated to determine whether or not this program can access, say, the Internet Zone?
Regards,
Laurence.

<hr></blockquote>
"Program Rules, either as Expert Rules or as in the program's customized settings, are pure 'application rules'. Program rules apply strictly to that particular program."

In your example of program.exe, the expert rules and the custom setting (in the program listing) are first examined, then the firewall's zones and expert are examined (along with any customization in the firewall settings). In that sequence, as far as I know.

If anything is blocked in any one of those stages, then that individual block will be followed (even in the custom and advanced settings too). (reason why I previously stated neither - it is a progression)

Try it with some expert for the program and see for yourself.
Block the email ports in either the firewall expert or in the zone customization and then set the email ports to be allowed in the email client's program expert and see what happens. Even though rules/settings for the email program will be first examined by the ZA, does the email client still connect?
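
The following is an added example, not part of any poster's reply and not ZoneAlarm's code: it models the two readings of the processing order given in this thread (the first decision wins, versus a progression in which any block is followed) and checks them against the Internet Explorer results reported above. The stage names, verdict strings and default-block behaviour are assumptions made for the illustration.

```python
# Added illustration; stage names and the default verdict are assumptions,
# not ZoneAlarm internals.
ALLOW, BLOCK = "allow", "block"

# Order given in the last reply: program rules first, firewall rules last.
STAGES = ["program_expert", "program_access", "firewall_zone", "firewall_expert"]

def first_decision(verdicts):
    """Reading 1: the first stage with a verdict decides; the rest are skipped."""
    for stage in STAGES:
        if verdicts.get(stage) is not None:
            return verdicts[stage]
    return BLOCK  # assumed default when no stage has an opinion

def progression(verdicts):
    """Reading 2: every stage is consulted; a block at any stage is final."""
    seen = [verdicts[s] for s in STAGES if verdicts.get(s) is not None]
    return ALLOW if seen and BLOCK not in seen else BLOCK

MODELS = {"first_decision": first_decision, "progression": progression}

# Constructed from the Internet Explorer experiments reported in the thread:
# (settings, outcome the poster observed).
OBSERVED = [
    ({"program_access": ALLOW, "program_expert": BLOCK}, BLOCK),
    ({"program_access": BLOCK, "program_expert": ALLOW}, BLOCK),
]

# The e-mail test suggested in the last reply; its outcome is not reported.
EMAIL_TEST = {"program_expert": ALLOW, "firewall_expert": BLOCK}

def consistent_models(observations):
    """Names of the models that reproduce every observed outcome."""
    return [name for name, model in MODELS.items()
            if all(model(cfg) == seen for cfg, seen in observations)]

def predictions(config):
    """What each model predicts for one configuration."""
    return {name: model(config) for name, model in MODELS.items()}

if __name__ == "__main__":
    print("fits the IE observations:", consistent_models(OBSERVED))
    print("e-mail test predictions: ", predictions(EMAIL_TEST))
```

The two models give different predictions for the e-mail port test, so running that test on a real installation is what tells them apart.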